Claims 

[c1] In a computer system providing access to at least one secure resource upon
authentication of a user where said user authentication is performed by an
authentication server in remote communication with a client in use by said user, 
a method of saving said user authentication for use when said authentication 
server is unavailable, the method comprising: 

- submitting a user authentication request to said authentication server; 

- in response to a successful user authentication; 

- receiving an authenticated user credential which is unique to said user; 

- storing said authenticated credential on said client utilizing a security 
method to prevent tampering with the credential; 

- using said authenticated credential to access said at least one secure
resource.

[c2] The method of claim 1 further comprising:

- in response to an unsuccessful user authentication:

- determining whether said authentication server is in operative
communication with said client;

- in response to a determination that said authentication server is not in
operative communication with said client:

- searching said client for a stored authenticated credential
corresponding to said user;

- in response to finding an authenticated credential corresponding 
to said user, using said stored authenticated credential to access 
said at least one secure resource; 

- in response to not finding an authenticated credential 
corresponding to said user, failing the user authentication request; 

- in response to a determination that said authentication server is in 
operative communication with said client: 

- erasing from said client any stored authenticated credential 
corresponding to said user; 

- failing said user authentication request. 

[c3] The method of claim 2 further comprising: 
- implementing a set of security policies limiting the use of authenticated
credentials stored on said client to access said at least one secure
resource depending on a defined sensitivity of said at least one resource.
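
Added example, not part of the claims text: the client-side flow of claims 1 to 3 written out in Python. The password-keyed HMAC tag stands in for the unspecified "security method" (the claims themselves name encryption and Public Key Infrastructure); `CLIENT_SALT`, `Unreachable`, the `server` callable, the dict used as `cache` and the two-level `sensitivity` value are assumptions of this example.

```python
import hashlib
import hmac
import json

# Assumption: per-client salt; a real client would keep it in an OS keystore or TPM.
CLIENT_SALT = b"constructed-demo-salt"

class Unreachable(Exception):
    """Raised by the caller-supplied server function when it cannot be contacted."""

def _tag(user, password, credential):
    # Key derived from the password, so the offline path still checks what was typed
    # (an addition of this example; the claims do not recite it).
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), CLIENT_SALT, 100_000)
    msg = json.dumps([user, credential]).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def seal(user, password, credential):
    """Build the tamper-evident record stored on the client."""
    return {"cred": credential, "tag": _tag(user, password, credential)}

def unseal(user, password, record):
    """Return the credential only if the record is intact and bound to this user."""
    expected = _tag(user, password, record["cred"])
    return record["cred"] if hmac.compare_digest(expected, record["tag"]) else None

def authenticate(user, password, server, cache, sensitivity="low"):
    """Return (credential, source) on success or (None, reason) on failure."""
    try:
        credential = server(user, password)   # None means the server rejected the user
    except Unreachable:
        # Server not in communication: fall back to the stored credential.
        if sensitivity == "high":              # assumed two-level sensitivity policy
            return None, "policy-denied"
        record = cache.get(user)
        cached = unseal(user, password, record) if record else None
        return (cached, "cache") if cached else (None, "no-valid-cache")
    if credential is None:
        # Server reachable and rejecting: erase the stored credential, then fail.
        cache.pop(user, None)
        return None, "rejected"
    cache[user] = seal(user, password, credential)   # store after a successful login
    return credential, "server"
```

The erase-on-rejection branch is what keeps a revoked account from continuing to work offline once the client has seen the server again.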

[c4] The method of claim 1 wherein said security method is encryption of the
credential.

[c5] The method of claim 1 wherein said security method is Public Key
Infrastructure.

[c6] The method of claim 1 wherein said security method is hardware-based Public
Key Infrastructure.

[c7] The method of claim 2 wherein said security method is encryption of the
credential.

[c8] The method of claim 2 wherein said security method is Public Key
Infrastructure.

[c9] The method of claim 2 wherein said security method is hardware-based Public
Key Infrastructure.

[c10] In a computer system providing access to at least one secure resource upon
authentication of a user where said user authentication is performed by an
authentication server in remote communication via a secure gateway with a 
client in use by said user, a method of caching said user authentication for use 
when said authentication server is unavailable, the method comprising: 

- submitting a user authentication request to said authentication server; 

- in response to a successful user authentication; 

- receiving an authenticated user credential which is unique to said user; 

- storing said authenticated credential on said client utilizing a security 
method to prevent tampering with the credential; 

- storing said authenticated credential on said gateway utilizing a security 
method to prevent tampering with the credential; 

- using said authenticated credential to access said at least one secure 
resource.



[c11] The method of claim 10 further comprising:

- in response to an unsuccessful user authentication: 

- determining whether said authentication server is in operative 
communication with said client; 

- in response to a determination that said authentication server is not in 
operative communication with said client: 

- determining whether said gateway is in operative communication 
with said client; 

- in response to a determination that said gateway is not in 
operative communication with said client: 

- searching the client for an authenticated credential 
corresponding to said user; 

- in response to finding an authenticated credential 
corresponding to said user, using said authenticated 
credential to access said at least one secure resource; 

- in response to not finding an authenticated credential 
corresponding to said user, failing the user authentication 
request; 

- in response to a determination that said gateway is in operative 
communication with said client: 

- searching the gateway for an authenticated credential 
corresponding to said user; 

- in response to finding an authenticated credential 
corresponding to said user, using said authenticated 
credential to access said at least one secure resource; 

- in response to not finding an authenticated credential 
corresponding to said user, failing the user authentication 
request; 

- in response to a determination that said authentication server is 
in operative communication with said client: 

- erasing from the client any authenticated credential 
corresponding to said user;

- erasing from the gateway any authenticated credential 
corresponding to said user; 

- failing the user authentication request. 

[c12] The method of claim 11 further comprising:

- implementing a set of security policies limiting the use of 
authenticated credentials stored on said client or on said gateway 
to access said at least one secure resource depending on a defined 
sensitivity of said at least one resource. 

[c13] The method of claim 10 wherein said security method is encryption of the
credential.

[c14] The method of claim 10 wherein said security method is Public Key
Infrastructure.

[c15] The method of claim 10 wherein said security method is hardware-based Public
Key Infrastructure.

[c16] The method of claim 11 wherein said security method is encryption of the
credential.

[c17] The method of claim 11 wherein said security method is Public Key
Infrastructure.

[c18] The method of claim 11 wherein said security method is hardware-based Public
Key Infrastructure.